wip

264ee12d · Joanne Hugé · 66f9ad38 · 66f9ad38 · 66f9ad38 · 66f9ad38
Commit 264ee12d authored Nov 22, 2024 by Joanne Hugé
11 changed files
--- a/playbook/roles/amarisoft-upgrade/defaults/main.yml
+++ b/playbook/roles/amarisoft-upgrade/defaults/main.yml
-pkdir: /opt/private-key
--- a/playbook/roles/amarisoft-upgrade/tasks/main.yml
+++ b/playbook/roles/amarisoft-upgrade/tasks/main.yml
---
-
-  - set_fact: cn="{{ ansible_hostname }}"
-
-  - name: Configure /opt/amarisoft/shacache.cfg
-    copy: src=shacache.cfg dest=/opt/amarisoft/shacache.cfg owner=root mode=644
-
-  - stat: path="{{ pkdir }}/{{ cn }}.pub"
-    register: certificate
-
-  - name: Delete download directory
-    file: path={{ install_folder }}/download state=absent
-    when: certificate.stat.exists == True
-
-  - name: Create download directory
-    file: path={{ install_folder }}/download state=directory mode=0755
-    when: certificate.stat.exists == True
-
-  - name: Get license expiration
-    shell: '/opt/amarisoft/get-license-info -e || echo 0000-00-00'
-    register: license_expiration
-    when: certificate.stat.exists == True
-
-  - name: Get current version
-    shell: '/opt/amarisoft/get-license-info -v || echo 0000-00-00.0 | cut -d. -f1'
-    register: current_version
-    when: certificate.stat.exists == True
-
-  - name: Get current version timestamp
-    shell: '/opt/amarisoft/get-license-info -v | grep "\." || echo 0000-00-00.0 | cut -d. -f2'
-    register: current_timestamp
-    when: certificate.stat.exists == True
-
-  - debug:
-      msg: "[{{ ansible_date_time.date }} {{ ansible_date_time.time }}] License will expire on {{ license_expiration.stdout }}, current version is {{ current_version.stdout }}.{{ current_timestamp.stdout }}"
-    when: certificate.stat.exists == True
-
-  - name: Get new amarisoft version if available
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k key-private:amarisoft 'cn==\"{{ cn }}\"' 'version<=\"{{ license_expiration.stdout }}\"' 'timestamp>=\"0\"' 'version>>\"0\"' 'timestamp>>\"0\"' --list | grep version | cut -d\\\" -f4"
-    register: new_version
-    when: certificate.stat.exists == True
-
-  - name: Get new amarisoft timestamp if available
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k key-private:amarisoft 'cn==\"{{ cn }}\"' 'version<=\"{{ license_expiration.stdout }}\"' 'timestamp>=\"0\"' 'version>>\"0\"' 'timestamp>>\"0\"' --list | grep timestamp | cut -d\\\" -f4"
-    register: new_timestamp
-    when: certificate.stat.exists == True
-
-  - set_fact: new_version_found=False
-
-  - set_fact: new_version_found=True
-    when: new_version.stdout > current_version.stdout or (new_version.stdout == current_version.stdout and new_timestamp.stdout > current_timestamp.stdout)
-
-  - debug:
-      msg: "[{{ ansible_date_time.date }} {{ ansible_date_time.time }}] Found version {{ new_version.stdout }}.{{ new_timestamp.stdout }}"
-    when: certificate.stat.exists == True
-
-  - name: Download nonce to decrypt new amarisoft version
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k file-private:amarisoft 'version==\"{{ new_version.stdout }}\"' 'timestamp==\"{{ new_timestamp.stdout }}\"' --list | grep nonce | cut -d\\\" -f4 > {{ install_folder }}/download/nonce"
-    register: nonce
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - set_fact: version="{{ new_version.stdout }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Download new amarisoft version
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k file-private:amarisoft 'version==\"{{ new_version.stdout }}\"' 'timestamp==\"{{ new_timestamp.stdout }}\"' > {{ install_folder }}/download/amarisoft.tar.gz.enc"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Download encrypted symmetric key for new amarisoft version
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k key-private:amarisoft 'cn==\"{{ cn }}\"' 'version==\"{{ new_version.stdout }}\"' 'timestamp==\"{{ new_timestamp.stdout }}\"' > {{ install_folder }}/download/symmetric_key.bin.enc"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create directory if it does not exist
-    file: path={{ install_folder }}/{{ version }} state=directory mode=0755
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create directory if it does not exist
-    file: path={{ install_folder }}/_{{ version }} state=directory mode=0755
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Decrypt key
-    shell: 'openssl pkeyutl -decrypt -in {{ install_folder }}/download/symmetric_key.bin.enc -inkey /opt/private-key/{{ cn }}.key -out /opt/private-key/symmetric_key-{{ version }}.key'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Decrypt archive
-    script: encrypt-data.sh /opt/private-key/symmetric_key-{{ version }}.key {{ install_folder }}/download/nonce decrypt {{ install_folder }}/download/amarisoft.tar.gz.enc {{ install_folder }}/amarisoft.tar.gz
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Extract archive
-    unarchive:
-      src: "{{ install_folder }}/amarisoft.tar.gz"
-      dest: "{{ install_folder }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Extract lteenb archive
-    unarchive:
-      src: "{{ install_folder }}/{{ version }}/lteenb-linux-{{ version }}.tar.gz"
-      dest: "{{ install_folder }}/_{{ version }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Extract ltemme archive
-    unarchive:
-      src: "{{ install_folder }}/{{ version }}/ltemme-linux-{{ version }}.tar.gz"
-      dest: "{{ install_folder }}/_{{ version }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Extract trx_sdr archive
-    unarchive:
-      src: "{{ install_folder }}/{{ version }}/trx_sdr-linux-{{ version }}.tar.gz"
-      dest: "{{ install_folder }}/_{{ version }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create a symbolic link for lteenb
-    file:
-      src: "lteenb-linux-{{ version }}"
-      dest: "{{ install_folder }}/_{{ version }}/enb"
-      state: link
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create a symbolic link for ltemme
-    file:
-      src: "ltemme-linux-{{ version }}"
-      dest: "{{ install_folder }}/_{{ version }}/mme"
-      state: link
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create a symbolic link for trx_sdr
-    file:
-      src: "trx_sdr-linux-{{ version }}"
-      dest: "{{ install_folder }}/_{{ version }}/trx_sdr"
-      state: link
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Copy trx_sdr libraries
-    shell: 'cp {{ install_folder }}/_{{ version }}/trx_sdr/*.so* {{ install_folder }}/_{{ version }}/enb/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Copy libraries to mme
-    shell: 'cp {{ install_folder }}/{{ version }}/libs/*.so* {{ install_folder }}/_{{ version }}/mme/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-    ignore_errors: True
-
-  - name: Copy libraries to mme
-    shell: 'cp {{ install_folder }}/{{ version }}/libs/linux/*.so* {{ install_folder }}/_{{ version }}/mme/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-    ignore_errors: True
-
-  - name: Copy libraries to enb
-    shell: 'cp {{ install_folder }}/{{ version }}/libs/*.so* {{ install_folder }}/_{{ version }}/enb/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-    ignore_errors: True
-
-  - name: Copy libraries to enb
-    shell: 'cp {{ install_folder }}/{{ version }}/libs/linux/*.so* {{ install_folder }}/_{{ version }}/enb/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-    ignore_errors: True
-
-  - name: Move amarisoft folder
-    shell: 'mv {{ install_folder }}/_{{ version }} {{ install_folder }}/v{{ version }}.{{ new_timestamp.stdout }}'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Remove extraction folder
-    file: 
-      path: "{{ install_folder }}/{{ version }}"
-      state: absent
-    when: (certificate.stat.exists == True) and (new_version_found == True)
--- a/playbook/roles/generate-key/defaults/main.yml
+++ b/playbook/roles/generate-key/defaults/main.yml
-pkdir: /opt/private-key
--- a/playbook/roles/generate-key/meta/main.yml
+++ b/playbook/roles/generate-key/meta/main.yml
---
-dependencies:
-  - { role: package, package_name: openssl, package_state: present  }
--- a/playbook/roles/generate-key/tasks/main.yml
+++ b/playbook/roles/generate-key/tasks/main.yml
---
-
-  - set_fact: cn="{{ ansible_hostname }}"
-
-  - name: Create directory if it does not exist
-    file: path="{{ pkdir }}" state=directory mode=0755
-
-  - stat: path="{{ pkdir }}/{{ cn }}.key"
-    register: private_key
-
-  - name: Generate private key
-    shell: 'openssl genrsa -out {{ pkdir }}/{{ cn }}.key 4096'
-    when: private_key.stat.exists == False
-
-  - stat: path="{{ pkdir }}/{{ cn }}.key"
-    register: private_key
-
-  - stat: path="{{ pkdir }}/{{ cn }}.pub"
-    register: public_key
-
-  - name: Generate public key
-    shell: 'openssl rsa -in {{ pkdir }}/{{ cn }}.key -outform PEM -pubout -out {{ pkdir }}/{{ cn }}.pub'
-    when: private_key.stat.exists == True and public_key.stat.exists == False
-
-  - name: Get monitor private directory path
-    shell: 'realpath $(dirname $(grep -lR "software_release_url = .*software/monitor/software.cfg" $(find /srv/slapgrid -type f -name "buildout.cfg")))/srv/monitor/private'
-    register: monitor_path
-    when: playbook_report | bool
-    ignore_errors: yes
-
-  - name: Create directory if it does not exist
-    file: path="{{ monitor_path.stdout }}/playbook-report" state=directory mode=0755
-    when: (monitor_path is succeeded) and (playbook_report | bool)
-
-  - stat: path="{{ pkdir }}/{{ cn }}.pub"
-    register: public_key
-    when: (monitor_path is succeeded) and (playbook_report | bool)
-
-  - name: Copy public key
-    copy: src="{{ pkdir }}/{{ cn }}.pub" dest="{{ monitor_path.stdout }}/playbook-report/{{ cn }}.pub" owner=root mode=774
-    when: (monitor_path is succeeded) and (playbook_report | bool) and (public_key.stat.exists == True)
--- a/playbook/roles/generate-key/templates/ansible-report.j2
+++ b/playbook/roles/generate-key/templates/ansible-report.j2
-{"time": "{{ ansible_date_time['date'] }} {{ ansible_date_time['time'] }}", "log_level": "INFO", "message": "msg"}
--- a/playbook/roles/ors/defaults/main.yml
+++ b/playbook/roles/ors/defaults/main.yml
@@ -2,3 +2,4 @@ playbook_report: False
 amarisoft_dir: /opt/amarisoft
 sdr_dir: /opt/sdr
 simpleran_dir: /opt/simpleran
+pk_dir: /opt/private-key
--- a/playbook/roles/amarisoft-upgrade/files/encrypt-data.sh
+++ b/playbook/roles/amarisoft-upgrade/files/encrypt-data.sh
--- a/playbook/roles/amarisoft-upgrade/files/shacache.cfg
+++ b/playbook/roles/amarisoft-upgrade/files/shacache.cfg
--- a/playbook/roles/ors/meta/main.yml
+++ b/playbook/roles/ors/meta/main.yml
@@ -8,3 +8,4 @@ dependencies:
  - { role: package, package_name: curl, package_state: present  }
  - { role: package, package_name: sudo, package_state: present  }
  - { role: package, package_name: libsctp-dev, package_state: present  }
+  - { role: package, package_name: openssl, package_state: present  }
--- a/playbook/roles/ors/tasks/main.yml
+++ b/playbook/roles/ors/tasks/main.yml
@@ -3,6 +3,16 @@
  - name: Create /opt/upgrader where some logs will be stored
    file: path=/opt/upgrader state=directory mode=0755

+  - name: Get monitor private directory path
+    shell: 'realpath $(dirname $(grep -lR "software_release_url = .*software/monitor/software.cfg" $(find /srv/slapgrid -type f -name "buildout.cfg")))/srv/monitor/private'
+    register: monitor_path
+    when: playbook_report | bool
+    ignore_errors: yes
+
+  - name: Create directory if it does not exist
+    file: path="{{ monitor_path.stdout }}/playbook-report" state=directory mode=0755
+    when: (monitor_path is succeeded) and (playbook_report | bool)
+
 # Amarisoft scripts

  - name: Create {{ amarisoft_dir }} directory
@@ -26,14 +36,44 @@
  - name: Copy rm-tmp-lte script
    copy: src=rm-tmp-lte dest={{ amarisoft_dir }} owner=root mode=550

-# Amarisoft upgrade
+# Generate key

  - set_fact: cn="{{ ansible_hostname }}"

+  - name: Create {{ pk_dir }} directory
+    file: path="{{ pk_dir }}" state=directory mode=0755
+
+  - stat: path="{{ pk_dir }}/{{ cn }}.key"
+    register: private_key
+
+  - name: Generate private key
+    shell: 'openssl genrsa -out {{ pk_dir }}/{{ cn }}.key 4096'
+    when: private_key.stat.exists == False
+
+  - stat: path="{{ pk_dir }}/{{ cn }}.key"
+    register: private_key
+
+  - stat: path="{{ pk_dir }}/{{ cn }}.pub"
+    register: public_key
+
+  - name: Generate public key
+    shell: 'openssl rsa -in {{ pk_dir }}/{{ cn }}.key -outform PEM -pubout -out {{ pk_dir }}/{{ cn }}.pub'
+    when: private_key.stat.exists == True and public_key.stat.exists == False
+
+  - stat: path="{{ pk_dir }}/{{ cn }}.pub"
+    register: public_key
+    when: (monitor_path is succeeded) and (playbook_report | bool)
+
+  - name: Copy public key
+    copy: src="{{ pk_dir }}/{{ cn }}.pub" dest="{{ monitor_path.stdout }}/playbook-report/{{ cn }}.pub" owner=root mode=774
+    when: (monitor_path is succeeded) and (playbook_report | bool) and (public_key.stat.exists == True)
+
+# Amarisoft upgrade
+
  - name: Configure {{ amarisoft_dir }}/shacache.cfg
    copy: src=shacache.cfg dest={{ amarisoft_dir }}/shacache.cfg owner=root mode=644

-  - stat: path="{{ pkdir }}/{{ cn }}.pub"
+  - stat: path="{{ pk_dir }}/{{ cn }}.pub"
    register: certificate

  - name: Delete download directory